N-Able: Security Vulnerabilities
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-02
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-08
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-02-08
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.
CVSS Score
7.0
EPSS Score
0.007
Published
2023-09-11
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.
CVSS Score
7.0
EPSS Score
0.0
Published
2023-08-04
Page 2